Encountered during a save file load. Looks like the Message constructor has no checks on the sanity of the buffer being passed to it. As seen by gcc's sanitizer:
==9099==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020003e8250 at pc 0x55c1c3f5032e bp 0x7f67d737c7d0 sp 0x7f67d737c7c0
READ of size 6 at 0x6020003e8250 thread T261
#0 0x55c1c3f5032d in net::Message::hasFlags() const source/network/source/message.cpp:303
#1 0x55c1c3f4c3ff in net::Message::setPacket(char*, unsigned int) source/network/source/message.cpp:98
#2 0x55c1c3a0da0d in scripts::Manager::load(SaveFile&) source/game/scripts/manager.cpp:1371
#3 0x55c1c31cb8e3 in loadGame(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) source/game/main/save_load.cpp:301
#4 0x55c1c30ec290 in operator() source/game/main/initialization.cpp:1492
#5 0x55c1c310e4c3 in _M_invoke /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/include/g++-v8/bits/std_function.h:282
#6 0x55c1c3f06619 in std::function<int ()>::operator()() const /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/include/g++-v8/bits/std_function.h:687
#7 0x55c1c3f03e50 in threads::asyncWrapper(void*) source/os/source/threads.cpp:9
#8 0x55c1c3f06b10 in threads::startThread(void*) source/os/source/threads_gcc.cpp:26
#9 0x7f689b946969 (/lib64/libpthread.so.0+0x7969)
#10 0x7f689a2ee5fe in clone (/lib64/libc.so.6+0x1035fe)
0x6020003e8252 is located 0 bytes to the right of 2-byte region [0x6020003e8250,0x6020003e8252)
allocated by thread T261 here:
#0 0x7f689cfc4090 in __interceptor_malloc /var/tmp/portage/sys-devel/gcc-8.2.0-r3/work/gcc-8.2.0/libsanitizer/asan/asan_malloc_linux.cc:86
#1 0x55c1c3f4bcfa in net::Message::Buffer::copyPacket(unsigned char*, unsigned int) source/network/source/message.cpp:60
#2 0x55c1c3f4c0fb in net::Message::setPacket(char*, unsigned int) source/network/source/message.cpp:87
#3 0x55c1c3a0da0d in scripts::Manager::load(SaveFile&) source/game/scripts/manager.cpp:1371
#4 0x55c1c31cb8e3 in loadGame(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) source/game/main/save_load.cpp:301
#5 0x55c1c30ec290 in operator() source/game/main/initialization.cpp:1492
#6 0x55c1c310e4c3 in _M_invoke /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/include/g++-v8/bits/std_function.h:282
#7 0x55c1c3f06619 in std::function<int ()>::operator()() const /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/include/g++-v8/bits/std_function.h:687
#8 0x55c1c3f03e50 in threads::asyncWrapper(void*) source/os/source/threads.cpp:9
#9 0x55c1c3f06b10 in threads::startThread(void*) source/os/source/threads_gcc.cpp:26
#10 0x7f689b946969 (/lib64/libpthread.so.0+0x7969)
Thread T261 created by T0 here:
#0 0x7f689cf20bf3 in __interceptor_pthread_create /var/tmp/portage/sys-devel/gcc-8.2.0-r3/work/gcc-8.2.0/libsanitizer/asan/asan_interceptors.cc:202
#1 0x55c1c3f06d69 in threads::createThread(unsigned int (*)(void*), void*) source/os/source/threads_gcc.cpp:41
#2 0x55c1c3f03edc in threads::async(std::function<int ()>) source/os/source/threads.cpp:16
#3 0x55c1c30edba7 in initGame() source/game/main/initialization.cpp:1489
#4 0x55c1c3c89c24 in main source/game/main.cpp:836
#5 0x7f689a20cae6 in __libc_start_main (/lib64/libc.so.6+0x21ae6)
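The trace shows setPacket copying a 2-byte region and hasFlags then reading 6 bytes from it. The following is an added illustration, not the project's message.cpp, of the length check that would reject such a packet before anything reads the header; the 6-byte header layout, the demo namespace and the helper functions are assumptions for the example.

```cpp
// Added illustration, not the project's net::Message: a minimal parser that
// refuses packets shorter than the header it will read, which is the check
// the ASan report above shows is missing in setPacket.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

namespace demo {

// Assumed layout: 4-byte id followed by a 2-byte flags field (6 bytes total).
// The real net::Message layout is not shown on the page.
constexpr std::size_t kHeaderSize = 6;
constexpr std::size_t kFlagsOffset = 4;

class Message {
public:
    // Returns false and leaves the object untouched when the buffer cannot
    // hold a full header, instead of copying a short region and over-reading.
    bool setPacket(const char* data, unsigned int length) {
        if (data == nullptr || length < kHeaderSize) return false;
        buffer_.assign(data, data + length);   // the copyPacket step
        return true;
    }

    // Safe only because setPacket guarantees buffer_.size() >= kHeaderSize.
    bool hasFlags() const {
        std::uint16_t flags = 0;
        std::memcpy(&flags, buffer_.data() + kFlagsOffset, sizeof flags);
        return flags != 0;
    }

private:
    std::vector<char> buffer_;
};

// Constructed input mirroring the report: a 2-byte blob from a save file.
inline bool loadShortPacket() {
    const char blob[2] = {0x01, 0x02};
    Message m;
    return m.setPacket(blob, sizeof blob);   // false: rejected, no over-read
}

// Constructed input: a complete 6-byte header with a non-zero flags field.
inline bool loadGoodPacket() {
    const char hdr[6] = {0, 0, 0, 1, 0x03, 0x00};
    Message m;
    return m.setPacket(hdr, sizeof hdr) && m.hasFlags();   // true
}

} // namespace demo
```

Under ASan the original code would report the over-read on the 2-byte case; the checked version returns false and the caller can treat the save file as corrupt.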